Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

AEM 6.1 Session Expiry

Avatar

Level 4

Hi There,

We've noticed an issue with AEM 6.1 using SAML integration on a Publish server.  We have a server which allows anonymous access to all pages, but also allows users to login via SAML.

What we have found is that when the session expires, that the server requests return a 403 error - even though the pages should be accessible to everyone

Is there a *standard* way to clear the session token?  I notice there is a the Token Cleanup Handler in OSGi config [1], which is supposed to default to 1 hour (actually defaults to 24 hours)

We also looked at the Oak documentation at this link [2] regarding "Token Removal" - noticing the token did not get removed automatically

Thanks,

Tim

1. http://localhost:4503/system/console/configMgr/com.day.crx.security.token.impl.TokenCleanupTask

2.  http://jackrabbit.apache.org/oak/docs/security/authentication/token/default.html

1 Reply

Avatar

Level 10

I am checking with the support team - if its not behaving as listed in the admin console - there seems to be a bug somewhere.